In Technology We Trust.

by David Klemke on May 5, 2010

I love me a good widget. Between my daily intake of news from sites like Engadget and Techcrunch I know there’s always something in the pipeline that’s assured to take some of my time and/or money away from me in the future. It’s probably why I stuck around for so long at my first ever job in a retail electronics store as I always got to have a good fiddle with all the wondrous tech that I couldn’t yet afford before putting it on display my clientele. Back then though the Internet was still reeling from the dot com crash and most of the tech I sold didn’t really make use of any on-line services. Today however it’s hard to find a gadget that doesn’t want to phone home for one reason or another, usually to make use of data stored elsewhere.

Realisitically this is a good thing. The whole Web 2.0 revolution has culminated in an online world where sharing any information you have with the wider world is considered the norm and you’d be damned for trying otherwise. This is how the idea for Geon originally came about as a quick search around the web turned up no less than 6 services all ready, willing and able to give up their data to me for no cost at all and in the format I desired. It hasn’t stopped there either as nearly every other week I’m finding yet another service (the latest is Groupon) that will happily provide me with some feed coupled with the geographical co-ordinates I so hungrily desire. I’m not the only one taking advantage of these feeds either and a whole host of mash-up applications are available, and many of them reaping the benefits of the open webs standard of sharing.

Still it’s kind of interesting to note how much trust we put in these open services. Take for instance good old Twitter. Many of the heaviest users don’t use it directly through the web interface, mostly because whilst it’s functional it’s far from the best interface designed for the service. I myself prefer to use Echofon which remembers which tweets I’ve read and gives me a slick interface for uploading pictures and all manner of Twitter related tasks. The only issue really is that I have to provide my raw login details to the application in order to make use of these features. Whilst this isn’t a problem for most people (my Twitter account hasn’t been hijacked…yet) it does mean that in order to make use of this client and the service you have to place a certain amount of trust in them, and this is where things start to get tricky.

There’s been many attempts to get over this problem of how to determine who to trust on the Internet. The most common method currently used is in the form of digital signatures and certificates. In essence this boils down to having some central authority (or authorities, as the case currently is) who verifies that someone is who they say they are. Once they’ve done this they issue them with a digital certificate which proclaims that central authority X verified them, and then they can use that certificate to show that they are who they say they are. Again there’s a certain amount of trust that must then be placed in the central authority but the model has worked (for the most part) with many large companies being trusted central authorities for such activities. Every time you visit a site that gives you that little lock in your browser bar or colours it blue or green it’s that central authority verification in action. This has its problems still since it seems some authorities are a bit lax when it comes to verifying people and the system itself has been shown vulnerable to certain attacks, but you’ll get that with any popular system.

One of the most novel ideas I’ve seen so far was the idea of OAuth. The idea is that you grant an application a token which allows them to access your data on a service. Depending on the token it could be limited to a certain subset of data (say your public timeline on Twitter), valid only for a specific time frame or even valid only for a specific device. There’s still an amount of trust involved however it gives an enormous amount of power to the user to do damage control should an app or service go rogue. Granted such incidents are rare but at least with a system like OAuth you’re not left with any other options than hoping the service provider will fix the problem or trying to do it yourself.

For the most part though the open web has prevented any wide scale skullduggery from apps and services that everyone once trusted. I’d put that down to a good chunk of the big players being either Google or having a heavy involvement with Google who’s policy of “Do no evil” seems to keep most of them honest. Additionally your service or app isn’t long for the Internet world should your users find you’re screwing them in one way or another, although there are some notable exceptions.

None of this bellyaching has stopped me from using a myriad of online services and it never will. As long as you don’t delude yourself about what can happen on the Internet I have no problem with big companies calculating all sorts of metrics on me in exchange for a service I find useful. I still cast a weary eye towards any new player in the Internet field and so should you, but that shouldn’t stop you from using anything online altogether. I guess the point I’m trying to make is that you should be aware of what you’re getting into when you type that magical user name and password into your app of choice, and don’t be surprised when you find out that that free service you were given had a hidden cost.

2 Comments

Good times mate, good times 😀 I still loved it how I could be playing something on the GameBoy and customers would walk in, see me put it away to go help them and they’d say “No no, we’re right, go back to what you were doing”.